Menu
xml has been the backbone of the service oriented application(SOA) and it will be a useful one in the coming future.
As xml is easy , flexible, it can be easily made vulnerable and the attackers can use it for their own purpose.
As such some of the attacks by are coercive parsing attack, xml external entity(XEE) attack, xml dos(xdos) attack, xml bombs.
can any one tell in detail about these attacks.
how could one can simulate these attacks practically in a single system?
283
However, XML documents have many security vulnerabilities that can be targeted for different types of attacks, such as file retrieval, server side request forgery, port scanning, or brute force attacks."
XML encryption can be used to assure data confidentiality of transmitted messages. You can encrypt an entire message or choose to encrypt only certain elements of the message. However, using XML encryption (either separately from XML digital signatures or in conjunction) can have potential security implications.
XXE injection is a type of web security vulnerability that allows an attacker to interfere with the way an application processes XML data.
XML Injection is an attack technique used to manipulate or compromise the logic of an XML application or service. The injection of unintended XML content and/or structures into an XML message can alter the intend logic of the application.
First we need to distinguish the effect of attack from the feature that is exploited.
Particular features of XML that can be exploited are
The effects can be either
I don't think there is percise definition of a "bomb", but it refers to an attack that is particularly "compact" and which "expands". A "coercive parsing attack" exploits the nature of the XML model to overwhelm the parser.
The examples below are taken from XML Denial of Service Attacks and Defenses. Also, if you understand french, read the excellent magazine "La security des web services".
Example 1
A bomb using entities which result in a DOS because it exhausts the memory
<?xml version="1.0"?>
<!DOCTYPE kaboom [
<!ENTITY a "aaaaaaaaaaaaaaaaaa...">
]>
<kaboom>&a;&a;&a;&a;&a;&a;&a;&a;&a;...</kaboom>
If you have 50'000 "aaaa...aaa" and 50'0000 &a:&a;...&a;, a payload of 200KB expands to more than 2GB in memory
Example 2
An entity could be used to access another file in a unauthorized way. This leads to information disclosure.
<?xml version="1.0"?>
<!DOCTYPE letter [
<!ENTITY file SYSTEM "/sensitive.txt" >
]>
<tag> &file; </tag>
Example 3
Using the ability of certain parser to access remote resources (see http://www.ibm.com/developerworks/xml/library/x-tipgentity.html), now go figure what happens if the file bigfile.xml is 2GB. This probably leads to a DOS.
<?xml version="1.0"?>
<!DOCTYPE letter [
<!ENTITY file SYSTEM "http://www.mysite.com/bigfile.xml" >
]>
<tag> &file; </tag>
Example 4
This recursion will lead to memory exhaust and probably a DOS.
<!ENTITY companyname "Contoso Inc.">
<!ENTITY divisionname "&companyname; Web Products Division">
If this is schoolwork, then you should also think about how you can protect yourself from such attack.
118
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
